fix: save authorizer data in authorizer property

src/config/offline-default.req.vm

@@ -11,14 +11,27 @@
   "body": $input.json("$"),
   "method": "$context.httpMethod",
   "principalId": "$context.authorizer.principalId",
+  #set( $map = $context.authorizer )
+  ## see https://github.com/serverless/serverless/issues/4374
+  "enhancedAuthContext": {
+    #foreach($key in $map.keySet())
+      ## The claims are not part of the enhancedAuthContext in serverless and should be excluded.
+      ## However it is more practical to set this property to null as defined in
+      ## https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
+      #if($key == "claims")
+      "$key": null
+      #else
+      "$key": "$util.escapeJavaScript($map.get($key))"
+      #end
+      #if($foreach.hasNext),#end
+    #end
+  },
   #set( $map = $input.params().header )
   "headers": $loop,
   #set( $map = $input.params().querystring )
   "query": $loop,
   #set( $map = $input.params().path )
   "path": $loop,
-  #set( $map = $context.enhancedAuthContext )
-  "enhancedAuthContext": $loop,
   #set( $map = $context.identity )
   "identity": $loop,
   #set( $map = $stageVariables )

src/createAuthScheme.js

@@ -221,7 +221,7 @@ module.exports = function createAuthScheme(
                 `Authorization function returned a successful response: (λ: ${authFunName})`,
               );
 
-              const enhancedAuthContext = {
+              const authorizer = {
                 principalId: policy.principalId,
                 integrationLatency: '42',
                 ...policy.context,
@@ -233,8 +233,8 @@ module.exports = function createAuthScheme(
                   credentials: {
                     context: policy.context,
                     usageIdentifierKey: policy.usageIdentifierKey,
-                    enhancedAuthContext,
                     principalId: policy.principalId,
+                    authorizer,
                   },
                 }),
               );

src/createVelocityContext.js

@@ -26,11 +26,10 @@ function escapeJavaScript(x) {
 */
 module.exports = function createVelocityContext(request, options, payload) {
   const path = (x) => jsonPath(payload || {}, x);
-  const enhancedAuthContext =
-    request.auth &&
-    request.auth.credentials &&
-    request.auth.credentials.enhancedAuthContext;
   const authPrincipalId = request.auth && request.auth.credentials && request.auth.credentials.principalId;
+  let authorizer = request.auth
+    && request.auth.credentials
+    && request.auth.credentials.authorizer;
   const headers = request.unprocessedHeaders;
 
   let token = headers && (headers.Authorization || headers.authorization);
@@ -39,11 +38,18 @@ module.exports = function createVelocityContext(request, options, payload) {
     [, token] = token.split(' ');
   }
 
-  let claims;
+  if (!authorizer) authorizer = {};
+  authorizer.principalId = authPrincipalId
+    || process.env.PRINCIPAL_ID
+    || 'offlineContext_authorizer_principalId'; // See #24
+
 
   if (token) {
     try {
-      claims = decode(token) || undefined;
+      const claims = decode(token) || undefined;
+      if (claims) {
+        Object.assign(authorizer, { claims });
+      }
     } catch (err) {
       // Nothing
     }
@@ -52,14 +58,7 @@ module.exports = function createVelocityContext(request, options, payload) {
   return {
     context: {
       apiId: 'offlineContext_apiId',
-      authorizer: {
-        principalId:
-          authPrincipalId ||
-          process.env.PRINCIPAL_ID ||
-          'offlineContext_authorizer_principalId', // See #24
-        claims,
-      },
-      enhancedAuthContext: enhancedAuthContext || {},
+      authorizer,
       httpMethod: request.method.toUpperCase(),
       identity: {
         accountId: 'offlineContext_accountId',